N
Sent from my iPhone
On 24-01-2012, at 18:19, Kalil Costa - Brasilsite
ka...@brasilsite.com.br wrote:
I can't block port 25; if I do this I don't receive mail from other MX mail
and my clients are on the internet, anywhere in the world.
On 23-01-2012 19:57, Postmaster wrote:
Kalz
Why not use iptables to block any outgoing SMTP connection?
iptables -A FORWARD -o eth0 -p tcp --dport 25 -j REJECT
Regards
Alex
On 20/01/2012 20:02, Kalil Costa - Brasilsite wrote:
Thanks Dan,
I understand completely, I think I'll work with 465.
And how do I lock my users so that they don't use port 25? I want to receive
only external mails on port 25 and my clients to use port 465. Is it the
correct way?
Thanks again, Dan.
On 20-01-2012 15:41, Dan McAllister wrote:
Kalil (aka: Kalz):
Port 587 usually does NOT force the use of SSL/TLS -- the port is defined
as a submission port and is most often used as a replacement for SMTP
in environments that otherwise BLOCK port 25 access (like some ISPs do --
allowing port 25 ONLY to their own SMTP servers and/or relays).
There is another port - 465 - that is another well-known port defined as
SMTPS whose specifications match what you want: a port that only allows
SSL/TLS connections.
OK, that part out of the way, here's how you add one or the other (NOTE: I
take some shortcuts here -- like using tar pipes -- that some may object
to... all I can say is that it works!)
Step 1: Create the supervise folders to make qmail listen on the
additional ports
a) CD to the supervise folder
cd /var/qmail/supervise
b) copy the smtp directory tree into a new tree called submission (for
port 587) and then another called smtp-ssl (for port 465)
for DIR in submission smtp-ssl ; do
    mkdir $DIR
    chown qmaill:qmail $DIR
    chmod 1700 $DIR
    tar cvf - -C smtp . | tar xvf - -C $DIR
done
c) Modify the run scripts in the new folders as below
In the SUBMISSION folder:
BEFORE the exec line at the bottom, add (or modify if they already
exist) the lines:
export REQUIRE_AUTH=1
export SMTPS=0
ON the exec line at the bottom, change the 25 (should be right
after a 0) to 587
Notes:
1) the exec line usually has continuation marks (line ends
with a \) -- this makes the last several ACTUAL lines one VIRTUAL line
(and improves readability)
2) your installation MAY use a variable (e.g.: USEPORT) -- if
so, look for the line above that ends in =25 and change that one!
In the SMTPS folder:
BEFORE the exec line at the bottom, add (or modify if they already
exist) the lines:
export REQUIRE_AUTH=1
export SMTPS=1
ON the exec line at the bottom, change the 25 (should be right
after a 0) to 465
Notes:
1) the exec line usually has continuation marks (line ends
with a \) -- this makes the last several ACTUAL lines one VIRTUAL line
(and improves readability)
2) your installation MAY use a variable (e.g.: USEPORT) -- if
so, look for the line above that ends in =25 and change that one!
d) OPTIONALLY:
If you're UNLIKE me and you trust users NOT to be the SOURCE of
SPAM, then you can remove any SPAMDYKE or SPAMASSASSIN processing you may
have configured for your standard (open) SMTP port.
I hope this helps!
Dan McAllister
IT4SOHO
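
The settings from step 1c can be checked mechanically once the run scripts have been edited. The following is an added example, not part of the original message and not qmailtoaster's own code: a shell function (the names check_run and write_sample are hypothetical) that folds the continuation lines of the exec line, resolves a port variable such as USEPORT, and confirms that REQUIRE_AUTH=1 and the expected SMTPS value are exported before exec. The run script it audits is constructed and simplified for the demonstration.

```shell
#!/bin/sh
# check_run FILE PORT SMTPS: exit 0 only if FILE exports REQUIRE_AUTH=1 and
# SMTPS=<SMTPS> before its exec line, and that line listens on "0 <PORT>".
check_run() {
    awk -v port="$2" -v smtps="$3" '
        function ok(name, want) { return (name in exported) && (var[name] "" == want "") }
        # Fold continuation lines (trailing backslash) into one virtual line.
        { line = pending $0; pending = "" }
        /\\$/ { sub(/\\$/, " ", line); pending = line; next }
        seen_exec { next }              # nothing after exec is ever executed
        {
            stmt = line
            is_export = sub(/^[ \t]*export[ \t]+/, "", stmt)
            gsub(/^[ \t]+|[ \t]+$/, "", stmt)
        }
        stmt ~ /^[A-Za-z_][A-Za-z0-9_]*=[0-9]+$/ {    # NAME=number, e.g. USEPORT=25
            split(stmt, kv, "="); var[kv[1]] = kv[2]
            if (is_export) exported[kv[1]] = 1
        }
        stmt ~ /^exec[ \t]/ {
            seen_exec = 1; n = split(stmt, tok, /[ \t]+/)
            for (i = 1; i < n; i++)     # the "0" followed by a port, not "-l 0 -x"
                if (tok[i] == "0" && tok[i + 1] !~ /^-/) {
                    p = tok[i + 1]; gsub(/["${}]/, "", p)
                    listen = (p in var) ? var[p] : p; break
                }
        }
        END {
            if (!ok("REQUIRE_AUTH", 1)) { print "FAIL: REQUIRE_AUTH=1 not exported"; bad = 1 }
            if (!ok("SMTPS", smtps))    { print "FAIL: SMTPS is not " smtps; bad = 1 }
            if (listen "" != port "")   { print "FAIL: port is " listen ", want " port; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed, simplified run script (not a real qmailtoaster file).
write_sample() {    # write_sample FILE PORT SMTPS
    printf '%s\n' '#!/bin/sh' "USEPORT=$2" 'export REQUIRE_AUTH=1' "export SMTPS=$3" \
        'exec tcpserver -v -R -H -l 0 -x tcp.smtp.cdb \' \
        '    -u 89 -g 89 0 "$USEPORT" qmail-smtpd 2>&1' > "$1"
}

tmp=$(mktemp -d)
write_sample "$tmp/submission" 587 0
write_sample "$tmp/smtp-ssl" 465 1
check_run "$tmp/submission" 587 0 && echo "submission: OK"
check_run "$tmp/smtp-ssl" 465 1 && echo "smtp-ssl: OK"
check_run "$tmp/smtp-ssl" 465 0 || echo "smtp-ssl without SMTPS=1: rejected"
```

On a live system the first argument would be the run file under /var/qmail/supervise/submission or /var/qmail/supervise/smtp-ssl.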
On 1/20/2012 12:09 PM, Kalil Costa - Brasilsite wrote:
Guys,
How do I configure my qmailtoaster to use port 587 SMTPS Submission for my
clients and port 25 for other servers from the internet? Something like this:

--CLIENTS ----------------------- port smtp/587 ---  *****************
                                                     *    SERVER     *
--OTHER INTERNET MAIL SERVERS --- port 25 ---------  * QMAILTOASTER  *
                                                     *****************
--CLIENTS ----------------------- port 25 ***BLOCKED******
Thanks for help
Kalz
-
Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com) Vickers Consulting Group offers Qmailtoaster
support and installations. If you need professional help with your setup,
contact them today!
-
Please visit qmailtoaster.com for the latest news, updates, and
packages. To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com For additional commands,
e-mail: qmailtoaster-list-h...@qmailtoaster.com